Description
Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-03-05
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability
Action: Patch
AI Analysis

Impact

A race condition has been identified within the security control module of Huawei HarmonyOS, which could allow an attacker to manipulate the timing of concurrent operations and cause the affected service to fail or become unavailable. The vulnerability is classified as CWE‑362 and CWE‑840, indicating improper handling of shared resources under concurrent conditions. Successful exploitation could lead to denial of service conditions, interrupting normal device operation.

Affected Systems

The issue is reported for Huawei HarmonyOS version 6.0.0. It is likely relevant to any build that contains the unpatched security control module and has not yet applied the official firmware update.

Risk and Exploitability

The base CVSS 3.1 score of 4.0 falls at the bottom of the Medium band, and the EPSS score of less than 1% indicates a very low probability of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog. The published vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) describes a local attack that needs no privileges or user interaction and affects availability only, so an attacker would need local access to the device to force the concurrent operations. Overall risk remains low, but patching is recommended to prevent service disruption.

Generated by OpenCVE AI on April 16, 2026 at 12:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the firmware update released by Huawei for HarmonyOS 6.0.0 that resolves the race condition in the security control module (see the March 2026 consumer bulletin).
  • Reboot the device after applying the update to activate the new code path and clear any stale states.
  • Restrict or remove third‑party applications that request elevated privileges on the security control module, limiting opportunities for race condition triggers.
  • Enable detailed system logging for the security control module and monitor for abnormal service restarts or failures that may indicate exploitation attempts.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 12:45:00 +0000

Type | Values Removed | Values Added
Title | | Race Condition in HarmonyOS Security Control Module Leading to Availability Impact

Thu, 05 Mar 2026 21:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Huawei; Huawei harmonyos
Weaknesses | | CWE-362
CPEs | | cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*
Vendors & Products | | Huawei; Huawei harmonyos

Thu, 05 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 08:00:00 +0000

Type | Values Removed | Values Added
Description | | Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses | | CWE-840
References | |
Metrics | | cvssV3_1: {'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-03-05T15:41:18.295Z

Reserved: 2026-02-28T03:58:12.089Z

Link: CVE-2026-28550

Vulnrichment

Updated: 2026-03-05T15:29:09.785Z

NVD

Status: Analyzed

Published: 2026-03-05T08:15:59.630

Modified: 2026-03-05T21:41:04.763

Link: CVE-2026-28550

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:30:06Z

Weaknesses